8745 matches found

CNNVD
added 2024/11/22 12:0 a.m. · 4 views

Panda Security Dome Security Vulnerability

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...

7.8 CVSS · 7 AI score · 0.00209 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/20 5:28 p.m. · 7 views

CVE-2018-9477

In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.4 AI score · 0.00089 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 4 views

PT-2024-10711 · Unknown · Settings App

Name of the Vulnerable Software and Affected Versions: Settings app (affected versions not specified)
Description: The issue is related to a possible authentication bypass in the development options section of the Settings app due to a missing permission check. This could lead to local escalation o...

7.8 CVSS · 7.9 AI score · 0.00089 EPSS
Exploits 0 · References 3

GithubExploit
added 2024/11/19 9:36 p.m. · 471 views

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

5.3 CVSS · 6.8 AI score · 0.01853 EPSS
Exploits 1

GithubExploit
added 2024/11/19 8:8 p.m. · 408 views

Exploit for CVE-2024-22262

Spring CVE-2024-22262 Proof of Concept This repo contains...

8.1 CVSS · 5.9 AI score · 0.01191 EPSS
Exploits 2

RedHat Linux
added 2024/11/19 12:25 a.m. · 14 views

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

5.9 CVSS · 6.4 AI score · 0.00373 EPSS
Exploits 0 · References 2

RedHat Linux
added 2024/11/19 12:25 a.m. · 2 views

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

5.9 CVSS · 7.4 AI score · 0.00373 EPSS
Exploits 0 · References 5

CNNVD
added 2024/11/19 12:0 a.m. · 3 views

Multiple Zoom Products Security Vulnerability

Zoom Rooms and others are products of Zoom Corporation, a U.S.-based company. Zoom Rooms is a software-based conferencing system. Zoom Meeting SDK is a development kit. Zoom Workplace is a desktop application. A security vulnerability exists in a number of Zoom products. The vulnerability stems from...

8.1 CVSS · 6.4 AI score · 0.00508 EPSS
Exploits 0 · References 2

OSV
added 2024/11/18 10:15 p.m. · 4 views

CVE-2024-21287

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Software Development Kit, Process Extension. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

7.5 CVSS · 7.3 AI score · 0.01496 EPSS
Exploits 0 · References 2

OPENSUSE Linux
added 2024/11/16 12:0 a.m. · 6 views

kernel-devel-6.11.8-1.1 on GA media (moderate)

kernel-devel-6.11.8-1.1 on GA media
Announcement ID: openSUSE-SU-2024:14500-1
Rating: moderate
Cross-References: CVE-2023-52917 CVE-2024-46869 CVE-2024-47671 CVE-2024-47675 CVE-2024-47676 CVE-2024-47677 CVE-2024-47678 CVE-2024-47679 CVE-2024-47680 CVE-2024-47681 CVE-2024-47682 CVE-2024-47683...

8.7 CVSS · 8 AI score · 0.01367 EPSS
Exploits 0

CNNVD
added 2024/11/15 12:0 a.m. · 5 views

GPAC Resource Management Error Vulnerability

GPAC is an open source multimedia framework from GPAC Open Source. A resource management error vulnerability exists in GPAC version 2.3-DEV-revrelease, which stems from memory reuse after release...

5.9 CVSS · 5.7 AI score · 0.00272 EPSS
Exploits 1 · References 2

Wallarm Lab
added 2024/11/13 3:23 p.m. · 12 views

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...

7.4 AI score
Exploits 0

CNVD
added 2024/11/13 12:0 a.m. · 5 views

Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-45218)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...

7.8 CVSS · 7 AI score · 0.00165 EPSS
Exploits 0 · References 1

CNVD
added 2024/11/13 12:0 a.m. · 7 views

Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-45217)

Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...

7.8 CVSS · 7 AI score · 0.00165 EPSS
Exploits 0

OSV
added 2024/11/12 12:0 a.m. · 32 views

ALSA-2024:9088 Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129); openssl: Excessive time spent...

6.5 CVSS · 6.5 AI score · 0.03174 EPSS
Exploits 0 · References 10

OSV
added 2024/11/11 6:15 a.m. · 2 views

CVE-2024-51837

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection. This issue affects WP Contest: from n/a through 1.0.0...

6.5 CVSS · 7.3 AI score
Exploits 0 · References 1

NVD
added 2024/11/11 6:15 a.m. · 8 views

CVE-2024-51837

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection. This issue affects WP Contest: from n/a through <= 1.0.0...

8.5 CVSS · 0.00416 EPSS
Exploits 0 · References 1

CVE
added 2024/11/11 6:5 a.m. · 56 views

CVE-2024-51837

CVE-2024-51837 is a WordPress WP Contest plugin SQL injection vulnerability (Improper Neutralization of Special Elements) affecting WP Contest

8.5 CVSS · 7.3 AI score · 0.00416 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/11/11 6:5 a.m. · 18 views

CVE-2024-51837 WordPress WP Contest plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection. This issue affects WP Contest: from n/a through <= 1.0.0...

8.5 CVSS · 0.00416 EPSS
Exploits 0 · References 1

OSV
added 2024/11/07 6:15 p.m. · 2 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 2